linux-toradex.git/net/netlabel/netlabel_user.c, branch v2.6.19.2 Linux kernel for Apalis and Colibri modules [NetLabel]: audit fixups due to delayed feedback 2006-09-30T00:05:05+00:00 Paul Moore paul.moore@hp.com 2006-09-30T00:05:05+00:00 95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 Fix some issues Steve Grubb had with the way NetLabel was using the audit subsystem. This should make NetLabel more consistent with other kernel generated audit messages specifying configuration changes. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Fix some issues Steve Grubb had with the way NetLabel was using the audit
subsystem.  This should make NetLabel more consistent with other kernel
generated audit messages specifying configuration changes.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NetLabel]: add audit support for configuration changes 2006-09-29T01:03:09+00:00 Paul Moore paul.moore@hp.com 2006-09-28T21:51:47+00:00 32f50cdee666333168b5203c7864bede159f789e This patch adds audit support to NetLabel, including six new audit message types shown below. #define AUDIT_MAC_UNLBL_ACCEPT 1406 #define AUDIT_MAC_UNLBL_DENY 1407 #define AUDIT_MAC_CIPSOV4_ADD 1408 #define AUDIT_MAC_CIPSOV4_DEL 1409 #define AUDIT_MAC_MAP_ADD 1410 #define AUDIT_MAC_MAP_DEL 1411 Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch adds audit support to NetLabel, including six new audit message
types shown below.

 #define AUDIT_MAC_UNLBL_ACCEPT 1406
 #define AUDIT_MAC_UNLBL_DENY   1407
 #define AUDIT_MAC_CIPSOV4_ADD  1408
 #define AUDIT_MAC_CIPSOV4_DEL  1409
 #define AUDIT_MAC_MAP_ADD      1410
 #define AUDIT_MAC_MAP_DEL      1411

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NetLabel]: rework the Netlink attribute handling (part 1) 2006-09-25T22:56:09+00:00 Paul Moore paul.moore@hp.com 2006-09-25T22:56:09+00:00 fcd48280643e92ec6cb29a04e9079dd7b6b5bfef At the suggestion of Thomas Graf, rewrite NetLabel's use of Netlink attributes to better follow the common Netlink attribute usage. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
At the suggestion of Thomas Graf, rewrite NetLabel's use of Netlink attributes
to better follow the common Netlink attribute usage.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETLINK]: Add notification message sending interface 2006-09-22T21:54:49+00:00 Thomas Graf tgraf@suug.ch 2006-08-15T07:31:06+00:00 d387f6ad10764fc2174373b4a1cca443adee36e3 Adds nlmsg_notify() implementing proper notification logic. The message is multicasted to all listeners in the group. The applications the requests orignates from can request a unicast back report in which case said socket will be excluded from the multicast to avoid duplicated notifications. nlmsg_multicast() is extended to take allocation flags to allow notification in atomic contexts. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net> 
Adds nlmsg_notify() implementing proper notification logic. The
message is multicasted to all listeners in the group. The
applications the requests orignates from can request a unicast
back report in which case said socket will be excluded from the
multicast to avoid duplicated notifications.

nlmsg_multicast() is extended to take allocation flags to
allow notification in atomic contexts.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NetLabel]: core NetLabel subsystem 2006-09-22T21:53:34+00:00 Paul Moore paul.moore@hp.com 2006-08-03T23:48:37+00:00 d15c345fe3b8dfda0fa5a1d2143a35fffa746a43 Add a new kernel subsystem, NetLabel, to provide explicit packet labeling services (CIPSO, RIPSO, etc.) to LSM developers. NetLabel is designed to work in conjunction with a LSM to intercept and decode security labels on incoming network packets as well as ensure that outgoing network packets are labeled according to the security mechanism employed by the LSM. The NetLabel subsystem is configured through a Generic NETLINK interface described in the header files included in this patch. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Add a new kernel subsystem, NetLabel, to provide explicit packet
labeling services (CIPSO, RIPSO, etc.) to LSM developers.  NetLabel is
designed to work in conjunction with a LSM to intercept and decode
security labels on incoming network packets as well as ensure that
outgoing network packets are labeled according to the security
mechanism employed by the LSM.  The NetLabel subsystem is configured
through a Generic NETLINK interface described in the header files
included in this patch.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>